TikTok’s Android app collected users’ MAC addresses for 18 months in violation of the platform rules, as discovered by a Wall Street Journal investigation. The addresses would have served as a unique identifier for each user’s device, making them valuable for both advertising and potentially more invasive forms of tracking.
By 2015, both iOS’s App Store and the Google Play Store had banned the collection of MAC addresses as a matter of policy, but TikTok was still able to obtain the identifier through a loophole. A study cited by the Journal found that nearly 350 apps on the Google Play Store had taken advantage of a similar loophole, generally for ad-targeting purposes.
TikTok discontinued the practice in November of last year, a shift in policy the Journal attributes to mounting political pressure from Washington.
Reached for comment, TikTok emphasized that it had discontinued the practice.
We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We always encourage our users to download the most current version of TikTok.
TikTok Representative
The revelation comes at a delicate time for TikTok, which is facing difficult questions from the White House over its Chinese parent company’s level of access to US user data. Last week, the White House issued an executive order to cut off all US transactions with the company, beginning September 20th, if it is not able to complete a sale of its US operations by that time. The company is currently in talks with Microsoft, but it is unclear how far the deal will proceed.
The Journal findings cut against the best argument in TikTok’s defense, that the system doesn’t collect any more data than a standard mobile app. While most often used for ad tracking, collecting MAC addresses is among the more invasive forms of the practice.
Source: Wall Street Journal
North Carolina - US: A TikTok challenge left a 16-year-old North Carolina boy with 75%…
Australia banned TikTok on all government devices over security concerns, joining a list of TikTok…
The UK’s privacy data watchdog fined TikTok $15.9 million for breaching data protection law including…
Cerebral, a mental health startup admits it shared the private health data of over 3.1 million…
Brussels - Belgium: Belgium banned TikTok from government devices over worries about cybersecurity, privacy and misinformation, after recent…
The Biden administration on Monday gave 30 days to remove the TikTok from government issued devices.…